Small business clients are making these cyber security errors

Failure to install patch updates, relying too much on passwords, and failure to train employees are three sources of cyber security losses all too common among small business clients, a technology vendor suggests.

One of the most common cyber security errors among small businesses is failing to install patch updates that are available from an IT vendor, said Derek Manky, chief, security insights and global threat alliances at computer security vendor Fortinet Inc.’s Fortiguard Labs.

A lot of today’s cyber security breaches can be attributed to a failure on the part of the organization to install security patches, Manky said Thursday in an interview.

Canadian Underwriter asked Manky what major cyber security errors small businesses are making.

Failure to have good identity management is one of them, replied Manky.

One way risk managers can improve cyber security is to ensure their organizations have multi-factor authentication, suggests Manky. Simply requiring the user to type in a user name and password is not considered as secure as multi-factor authentication because cyber criminals can steal user’s passwords.

Multi-factor authentication combines something the user knows (such as a password) with something the user possesses. For example, a person might also use a mobile device or insert a public key infrastructure (PKI) card into a reader that is connected to their corporate computer.

One mistake some small businesses make with cyber security is to assume it’s too complicated to setup multi-factor authentication, Manky said.

To initially set up a system of multi-factor authentication is more challenging with a dispersed or remote work force (like many workplaces have with the ongoing pandemic), compared to setting up multi-factor authentication when all their workers are on the premises, suggested Manky.

But once it is set up, multi-factor authentication is easy to maintain, said Manky. “There are lot of solutions that can be used, even free ones, that offer multi-factor authentication.”

Your client does not necessarily have to distribute cards or hardware. Some multi-factor authentication products consist of apps that the users can install on to mobile wireless devices using the IOS or Android operating systems. Those are “soft tokens” that are relatively easy (compared to hard tokens) to distribute to users, said Manky.

He suggested the most common cyber security error is failing to train employees to have “zero trust” – or to not fall victim to attacks such as phishing emails that trick them into installing malicious software.

It goes back to a false sense of security, which is all too common in small business.

“Cyberspace is very noisy,” said Manky. “What we see, globally, is over 100-billion different attacks [or] threat events [happening each] day. So it’s not a matter of if but when.”

Feature image via iStock.com/dcdp